
Generating an SSH Key Pair in Linux or MacOS

These procedures describe how to generate an SSH public and private key pair in Linux or MacOS. For instructions on generating an SSH public and private key pair in Windows, see Generating an SSH Key Pair in Windows, on page 26.

Deploying the Cloud APIC in Azure Generating an SSH Key Pair in Linux or MacOS

Step 1 On your Linux virtual machine or Mac, create a public and private key pair using ssh-keygen, directing the output to a file.

# ssh-keygen -f filename

For example:

# ssh-keygen -f azure_key

Output similar to the following appears. Press the Enter key without entering any text when you are asked to enter a passphrase (leave the field empty so that there is no passphrase).

Generating public/private rsa key pair.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in azure_key.

Your public key has been saved in azure_key.pub.

The key fingerprint is:

SHA256:gTsQIIAadjgNsgcguifIloh4XGpVWMdcXVV6U0dyBNs ...

Step 2 Locate the public and private key files that you saved.

# ls

Two files should be displayed, where:

• The file with the .pub suffix contains the public key information

• The file with the same name, but with no suffix, contains the private key information

For example, if you directed the output to a file named azure_key, you should see the following output:

# ls

azure_key azure_key.pub

In this case:

• The azure_key.pub file contains the public key information

• The azure_key file contains the private key information

Step 3 Open the public key file and copy the public key information from that file, without the username@hostname information at the end.

Note: The private key file is not used in the installation process. However, you might need it for other reasons, such as logging into your Cloud APIC through SSH, as described in Logging Into Cloud APIC Through SSH, on page 107.

What to do next

Follow the instructions in Deploying the Cloud APIC in Azure, on page 30 to continue the Azure configuration process, which includes pasting the public key information from the public key file into the Azure ARM template.
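The following script is an added example, not part of the original guide: it performs Step 3 on a public key file such as azure_key.pub, dropping the username@hostname comment and confirming that the result starts with ssh-rsa, as the SSH Public Key field of the deployment form expects. The function names are hypothetical, and the permission check is included because a key created without a passphrase is protected only by its file mode.

```shell
#!/bin/sh
# Added example (not from the original guide). File names follow the
# azure_key example above; the function names are hypothetical.

# Print "<type> <base64>" from an OpenSSH .pub file, dropping the trailing
# username@hostname comment. Returns non-zero unless the key is ssh-rsa.
pubkey_for_form() {
    pub=$1 ktype='' blob='' rest=''
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    # A .pub file is a single line: key type, base64 blob, optional comment.
    read -r ktype blob rest < "$pub" || true
    # Recent ssh-keygen releases default to Ed25519; regenerate with
    # "ssh-keygen -t rsa -f filename" if this check fails.
    [ "$ktype" = "ssh-rsa" ] || { echo "key type '$ktype' is not ssh-rsa" >&2; return 1; }
    # The base64 blob repeats the key type, so an RSA blob always starts
    # with this prefix; a mismatch means the line was edited or truncated.
    case $blob in
        AAAAB3NzaC1yc2E*) ;;
        *) echo "blob does not encode an ssh-rsa key" >&2; return 1 ;;
    esac
    case $blob in
        *[!A-Za-z0-9+/=]*) echo "blob contains non-base64 characters" >&2; return 1 ;;
    esac
    printf '%s %s\n' "$ktype" "$blob"
}

# The key has no passphrase, so file permissions are its only protection.
# Succeeds only if the private key is accessible by its owner alone.
private_key_is_locked() {
    case $(ls -ld "$1" 2>/dev/null) in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage after Step 1:
#   private_key_is_locked azure_key || chmod 600 azure_key
#   pubkey_for_form azure_key.pub
```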


Deploying the Cloud APIC in Azure

Before you begin

• Verify that you have met the requirements outlined in Requirements for Extending the Cisco ACI Fabric to the Public Cloud, on page 15 before proceeding with the tasks in this section. For example, verify that you have the correct number of elastic IP addresses and that you have checked the limits that are allowed to deploy the instances.

Step 1 Log into your Azure account for the Cloud APIC infra tenant and go to the Azure management portal, if you are not there already:

https://portal.azure.com/#home

Step 2 From the main Azure management portal page, in the search text field, type Cisco Cloud APIC.

Step 3 In the Cisco Cloud APIC page, in the Select a plan field, select Release 5.1(2) and click Create.

The Basics page for the Cisco Cloud APIC screen appears.

Step 4 Complete the necessary fields in the Basics page:

• Subscription: Select the Cloud APIC infra subscription account from the drop-down list.

• Resource group: Choose an existing resource group from the drop-down list or click Create new to enter a name for a new resource group.

A resource group is a container that holds related resources for an Azure solution.

Starting with Release 5.0(2), you can define custom naming rules for most cloud resources created by the Cloud APIC, with the exception of the resource group for the Cloud APIC itself. Ensure that the resource group name you select here is correct.

• Region: Select the location from the drop-down list where you want to deploy the virtual machine for the Cloud APIC.

• Virtual Machine name: Enter a virtual machine name. This entry will be the name for the virtual machine for this Cloud APIC. The virtual machine name must contain only alphanumeric characters, which can be separated by dashes (for example, CloudAPIC).

• Password: Enter an admin password. This entry is the password that you will use to log into the Cloud APIC after you have enabled SSH access.

The password must have the following characteristics:

• Must be between 12 and 72 characters in length

• Must have three of the following:

• 1 lower case letter

• 1 upper case letter

• 1 number

• 1 of the following acceptable special characters:


@$!%*#?&

• Confirm Password: Enter the admin password again.

• SSH Public Key: Paste the public key information that you copied at the end of one of these procedures:

• Generating an SSH Key Pair in Windows, on page 26

• Generating an SSH Key Pair in Linux or MacOS, on page 28

You will use this SSH key pair to log into the Cloud APIC. Note that the ssh-rsa string should remain at the beginning of the public key string that you paste into this field.

If you generated an SSH key pair in Windows, the key in the PuTTY Key Generator ends with == rsa-key-<date-stamp>. Truncate the key so that it does not include == rsa-key-<date-stamp>. If the form does not accept the key in this format, add == back to the end of the key, as this format is required in some regions.

Note: If the key is not in the correct format, the Cloud APIC will not complete its installation.

Step 5 When you have finished completing the fields in this page, click Next: ACI Settings.

The ACI Settings page for the Cisco Cloud APIC screen appears.

Step 6 Complete the necessary fields in the ACI Settings page:

• ACI Fabric Name: Leave the default value as-is or enter a fabric name. This entry will be the name for this Cloud APIC. The fabric name must contain only alphanumeric characters, which can be separated by dashes (for example, ACI-Cloud-Fabric).

• Virtual machine size: The virtual machine size is automatically set to the default deployment size of Standard_D8s_v3. You cannot change the default virtual machine size setting.

• Image Version: Choose 5.1(2) in this field.

• Infra Subnet: The infra pool for your Cloud APIC. This field is automatically populated with a default value of 10.10.0.0/24. Change the value in this field if the default value overlaps with your infra pool from your on-premises fabric. This entry must be a /24 subnet.

• Public IP Address: Set the public IP address to static.

a. In the Public IP Address field, click Create New.

Note: To assign a private IP address for Cloud APIC, select none from the drop-down list.

The Create public IP address field appears on the right side of the page.

b. In the SKU area, choose either the Basic or the Standard SKU.

For more information on the differences between the Basic and the Standard SKU, see the Public IP Addresses in Azure document in the Microsoft documentation site.

c. In the Assignment area, choose Static.

Do not leave the setting as Dynamic in the Assignment area.

d. Click OK in the Create public IP address area.


• DNS Prefix for the public IP Address: The Cloud APIC DNS name prefix. When the Cloud APIC is deployed, you can access the Cloud APIC using the DNS name.

• External Subnets: Enter the IP addresses and subnets of the external networks that you will allow to connect to Cloud APIC (for example, 192.0.2.0/24). Only the IP addresses from this subnet are allowed to connect to Cloud APIC. Entering a value of 0.0.0.0/0 means that anyone is allowed to connect to Cloud APIC.

• Virtual Network Name: Leave the default entry for the virtual network name as-is or change the entry in this field, if desired.

• Management NSG Name: Leave the default entry for the management network security group name as-is or change the entry in this field, if desired.

• Management ASG Name: Leave the default entry for the management application security group name as-is or change the entry in this field, if desired.

• Subnet Prefix: Leave the default entry for the subnet prefix as-is or change the entry in this field, if desired.

Step 7 When you have finished completing the fields in this page, click Next: Review + create.

The Review + create page for the Cisco Cloud APIC screen appears.

Step 8 Review the information in the Review + create page, then click Create.

The system now uses the information that you provided in the template to create the Cloud APIC VM instance. This process takes 5-10 minutes to complete. Click the Notifications icon (the bell-shaped icon) to check the status of the deployment of your Cloud APIC.

Step 9 When the deployment is complete, add a User Access Administrator role assignment.

a) From the main Azure management portal page, click the All services link in the left nav bar, then click the Subscriptions link.

b) In the Subscriptions page in the Azure management portal, click the subscription account to which Cloud APIC was deployed.


The overview information for that subscription is displayed.

c) From the overview page for that subscription, locate the Access control (IAM) link in the left nav bar and click that link.

The Access Control page for that subscription is displayed.

d) Click + Add, then select Add role assignment from the drop-down menu.

e) In the Add role assignment page, make the following selections:

• In the Role field, select User Access Administrator from the drop-down menu.

• In the Assign access to field, select Virtual Machine.

• In the Subscription field, select the subscription where the Cloud APIC is deployed.

• Select the Cloud APIC virtual machine.

f) Click Save at the bottom of the screen.

What to do next

Go to Adding a Role Assignment, on page 33 to determine if you need to add a role assignment for a managed identity or unmanaged identity for the access type.
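As an added example (not part of the original guide), these shell functions check the Password, Infra Subnet and External Subnets values from Steps 4 and 6 against the rules stated above before you enter them in the portal. The function names are hypothetical, and the External Subnets list is assumed to be comma- or space-separated.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-flight checks for values
# entered in Steps 4 and 6. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # keep [a-z]-style ranges ASCII-only

# Password: 12-72 characters and at least three of the four classes.
password_ok() {
    pw=$1 classes=0
    [ "${#pw}" -ge 12 ] && [ "${#pw}" -le 72 ] || return 1
    case $pw in *[a-z]*) classes=$((classes + 1)) ;; esac
    case $pw in *[A-Z]*) classes=$((classes + 1)) ;; esac
    case $pw in *[0-9]*) classes=$((classes + 1)) ;; esac
    # Special class: removing the listed characters shortens the string.
    rest=$(printf '%s' "$pw" | tr -d '@$!%*#?&')
    [ "${#rest}" -eq "${#pw}" ] || classes=$((classes + 1))
    [ "$classes" -ge 3 ]
}

# Succeeds for a dotted-quad IPv4 CIDR; leaves the prefix length in cidr_len.
valid_cidr() {
    case $1 in */*) ;; *) return 1 ;; esac
    ip=${1%/*} cidr_len=${1#*/}
    case $ip in ''|*[!0-9.]*) return 1 ;; esac
    case $cidr_len in ''|*[!0-9]*) return 1 ;; esac
    [ "$cidr_len" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $ip; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# Infra Subnet: must be a /24.
infra_subnet_ok() { valid_cidr "$1" && [ "$cidr_len" -eq 24 ]; }

# External Subnets (assumed comma- or space-separated): every entry must
# parse, and a /0 entry is rejected because it admits any source address.
external_subnets_ok() {
    net=''
    case $(printf '%s' "$1" | tr ' ' ',') in ''|*[!0-9./,]*) return 1 ;; esac
    for net in $(printf '%s' "$1" | tr ',' ' '); do
        valid_cidr "$net" || { echo "invalid entry: $net" >&2; return 1; }
        [ "$cidr_len" -gt 0 ] || { echo "$net admits any source" >&2; return 1; }
    done
    [ -n "$net" ]   # fail on a list that held only separators
}
```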